June 30, 2023

3 things that make a CIO-CFO dream team

A study conducted by Gartner, detailed in the report “CIOs: Improve How You Collaborate With Your CFO,” found that when CFOs are asked how well their most senior IT executive understands the impact of technology on finance, more than half indicate that their IT counterparts are lacking in this area. But surprisingly few companies choose CIOs for their financial skills. “Financial knowledge is not something clients typically ask for when recruiting a CIO,” says Thistle. “However, the CIO will be expected to understand and manage IT costs and budgets, both Capex and Opex.” ... “Even when there is a CFO of IT, the person at the top, the CIO, still needs to understand finance,” he says. “Most CIOs don’t have the benefit of a background in finance. I’ve never met a CIO who went into IT to manage money, yet that’s what they have to do. They have to run IT like a business within a business.” The biggest challenge is not getting a handle on cost, but on value. CIOs can easily show cost on a general ledger. But estimating the future value of technology is more art than science. Investment decisions need to be driven by business outcomes that can be measured and, ideally, monetized.


‘Shadow’ AI use becoming a driver of insider cyber risk

“People don’t need to have malicious intent to cause a data breach,” said Ray. “Most of the time, they are just trying to be more efficient in doing their jobs. But if companies are blind to LLMs accessing their back-end code or sensitive data stores, it’s just a matter of time before it blows up in their faces.” Insider threats are thought to be the underlying reason for almost 60% of data breaches, according to Imperva’s own data, but many are still not properly prioritised by organisations since a not insignificant number of them are simply cases of human error – a recent study by the firm found that 33% of organisations don’t perceive insiders as a significant threat. Ray said trying to restrict AI usage inside the organisation now was very much a case of shutting the stable door after the horse had bolted. “Forbidding employees from using generative AI is futile,” said Ray. “We’ve seen this with so many other technologies – people are inevitably able to find their way around such restrictions and so prohibitions just create an endless game of whack-a-mole for security teams, without keeping the enterprise meaningfully safer.”


Generative AI may help make 'low-code' more 'no-code' - but with important caveats

AI will ultimately serve "as a way to enable low-code and no-code environments," says Leon Kallikkadan, vice president of technology at Atrium. "I also think that as other partnerships can come onboard it will make low-code and no-code more of a possibility. I believe it will be a phased approach whereby as you, the human developer builds it, an AI component will start creating a vision or future step. The long-term possibilities depend on how deep the integration is, but yes, it can go that far to become a low-code, no-code environment." No and low-code solutions may be a good fit for non-technical users. "Low code is more geared towards non-coders," says Jesse Reiss, CTO of Hummingbird. "It provides organizations with the ability to reimagine business processes without obtaining steep IT expertise. This is crucial for small- to medium-sized businesses, especially during the ongoing labor challenge where they can be short-staffed or do not have the resources to support business operations." Generative AI is more suitable for development work requiring high-level expertise, experts state.


Top Issues Architecture Leaders Need to Address in 2023

Over the next five years, leaders need to be aware that the architect resource shortage will not improve. Resources may be unavailable in the marketplace as you look to refill your bench. Today, there are 10 to 20 open positions for every available architect looking for a job, and the future job market looks bleak. This resource shortage means architecture leaders will either need to develop the skills and experiences internally or they will need to look at how they utilize technology to do more with fewer people, and most probably a combination of both. If you’re looking to do more with less or training new architects, determine now how to maintain the tribal knowledge of your senior architects. ... Most of today’s architects analyze in Excel or the standalone modeling tools they work in. When architects are only looking at a minimal set of information, they are missing the broad operational data available across the organization, which are found in systems like CMDB, CRMs, ERPs, HR solutions, and facility management systems to gather critical operational data about what’s going on in terms of manufacturing processes, business processes, org structures, costs, and more.


SEC notice to SolarWinds CISO and CFO roils cybersecurity industry

The move by the SEC will make CSOs more individually accountable for cybersecurity, said Agnidipta Sarkar, a former CISO of pharmaceuticals company Biocon. "Though it doesn’t mean that the CISO has been charged, it is a new milestone. From today onwards, CISOs will increasingly be made accountable for the decisions they take or did not take," Sarkar said. However, attributing blame solely to the CISO or CFO might not always be fair or accurate, said Ruby Mishra, CISO at KPMG India. "In order to manage cybersecurity effectively, the organization adopts a multilayered approach involving various stakeholders and departments. Holding the CISO or CFO solely responsible for a cyberattack may overlook the collective responsibility," Mishra said. ... "Before issuing the notice, the SEC may have considered a variety of factors, including specific circumstances, and legal frameworks, or may have demonstrated negligence if CISO failed to implement adequate security measures, neglected SEC policies, guidelines, and practices, or ignored known vulnerabilities," Mishra said.


3 Initiatives CISOs Can Take for Their Security and Resilience Journey

Businesses can help reduce the risk of a data breach by creating the right cyber defense and recovery plans. This comprehensive strategy should include the following: A risk assessment of the IT environment’s threat landscape; An incident response plan that defines in detail the procedures to follow after a breach; A business continuity plan that outlines how to recover from a breach as quickly and gracefully as possible. According to the U.S. Department of Defense, “zero trust” means that organizations should “never trust, always verify” (DOD CIO, 2022). Rather than granting indiscriminate access to applications, devices, and other IT assets, businesses should give users only the resources they need when they need them. In a zero-trust approach, all users, devices, and applications are treated as potentially compromised, with the organization’s defenses locked down accordingly. Techniques may include strict access controls, multifactor authentication (MFA), and monitoring user activities. Certified CISOs should act to define a zero-trust strategy that aligns with the organization’s IT governance and compliance requirements.

CHESTER SWANSON SR.

Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan

1 year ago

Thank you for Sharing.

KRISHNAN N NARAYANAN

Sales Associate at American Airlines

1 year ago

This is a great opportunity
